As much as we would rather not report on yet another Android malware scare (we think security issues are overblown and that any platform is vulnerable, anyway), this one seems to be a first in the Android ecosystem. Security researchers have discovered what may be the first targeted Android malware attack, which is basically a smartly-crafted social engineering attack that specifically targeted a Tibetan activist, with the intent of spreading itself through the target’s contacts, thereby gaining access to their devices and information.
According to Russian security company Kaspersky Labs, hackers broke into the victim’s email account and distributed Android malware to this person’s contact list. The malware did the following:
- The lure was a supposed statement on a recent conference organized by the World Uyghur Congress (WUC), which brought together democracy and human-rights activists from Tibet, Southern Mongolia and East Turkestan.
- The attachment was supposedly a letter from related organizations — something that should pique the interest of any human-rights activist wanting to further their cause.
- The file is actually an Android APK that installs itself as an app called “Conference.” When opened, the app actually presents a fake message supposedly from the WUC chairman.
- The payload, however, is actually a backdoor to the server that can be controlled via SMS. This way, the phone can be controlled even without a data connection (or will perhaps activate a connection).
- The app sends back a message to the hackers’ servers reporting a successful installation. The app then sends the user’s contact list, SMS messages, call logs, geo-location data, basically all relevant data that a spy would want.
According to Kaspersky, the server is located at a Los Angeles-based data center, and the box actually hosts other Android malware. The server hosts a web-based interface that gives hackers remote-control access to their “slave” smartphones. The fact that the UI is in Chinese is probably indicative of the source of the attacks. The server’s IP address is actually registered to a Chinese company in Beijing.
Cyber-warfare is deemed to be the next frontier in warfare, which is why even the US government is actually beefing up its security assets. This even includes hiring talented hackers straight out of school, in the hope of improving both offensive and defensive capabilities. Meanwhile, restrictive regimes are likely to want to keep tabs on their supposed “enemies of the state.” And because data contained in smartphones will usually contain potentially incriminating contact lists, messages and even location data, this makes the targeted attack all the more effective.
True enough, Android malware won’t eat your children, but this doesn’t mean you can go ahead and be carefree or careless with the apps you install. This especially goes if you know you have enemies (online or otherwise), and you have information to protect.